# initial setup - install `pyinfra` with your favorite package manager or - install `pipx` with your favorite package manager - add `~/.local/bin` to your `PATH` - `pipx install pyinfra` # before each use - communicate your intent to do changes to your co-admins to prevent conflicting access - run `git pull` to fetch the newest version - run `pyinfra @local deploy.py` to install/update `0x90.ssh_config` trustmebro - run `pyinfra --dry inventory.py deploy.py` and check that you are on the same state that is already deployed # Set up alpine on hetzner This was only tested with a cloud VPS so far. Source: (but it's less of a hassle than described there) To create an alpine server on hetzner, you need to first create a Debian VPS or something similar. Then you boot into the rescue system. Get the download link of the latest VIRTUAL x86_64 alpine iso from . Login to the rescue system via console or SSH, and write the ISO to the disk: ``` ssh root@xxxx:xxxx:xxxx:xxxx::1 wipefs -a /dev/sda wget https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-virt-3.20.3-x86_64.iso # or whatever link you got from alpine dd if=alpine-virt-3.20.3-x86_64.iso of=/dev/sda reboot ``` Then open the server console (SSH doesn't work), login to root (no password required), and proceed with: ``` cp -r /.modloop /root cp -r /media/sda /root umount /.modloop /media/sda rm /lib/modules mv /root/.modloop/modules /lib mv /root/sda /media setup-alpine ``` Then select what you wish, contrary to the guide above, DHCP is actually fine. The drive should be sda, the installation type can be sys (why go through the hassle). VoilĂ ! reboot and login. Probably the first SSH login will be via root password, as copy-pasting your public SSH key into the console doesn't work really. Make sure the SSH config allows this (and turn passwort root access off afterwards). ## Encrypting /var/lib/libvirt partition **Status: tested with Hetzner VPS, not deployed in production yet** Messing with file systems and partitions should not be done by automation scripts, so I created the LUKS-encrypted /dev/sdb partition manually. (So far, /dev/sdb was added via a Hetzner volume, but it can be any partition actually) To create a partition in the VPS volume (which was formatted to ext4 originally), - I ran `fdisk /dev/sdb`, - entered `o` to create a DOS partition table, - added `n` to add a new primary partition, using all available space, - and `w` to save to disk and exit. Then I ran `cryptsetup luksFormat /dev/sdb1` and entered the passphrase from `pass 0x90/ararat/sdb-crypt` to create a LUKS volume. Now I could decrypt the new volume with `cryptsetup luksOpen /dev/sdb1 sdb_crypt` and entering the passphrase from `pass 0x90/ararat/sdb-crypt`. Finally, I ran `mkfs.ext4` to create an ext4 file system in the encrypted partition.